diff --git a/src/Server/Program.cs b/src/Server/Program.cs
index 062a0b9..938ffa3 100755
--- a/src/Server/Program.cs
+++ b/src/Server/Program.cs
@@ -69,9 +69,19 @@ builder.Services.AddAuthentication(options => {
 };
 });
 
-builder.Services.AddCors(o => o.AddDefaultPolicy(builder => {
- builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader(); // No CORS
-}));
+List allowedOrigins = new List{ "https://auth.mistox.com" };
+if (builder.Environment.IsDevelopment()) {
+ allowedOrigins.Add("http://localhost:5000");
+}
+
+builder.Services.AddCors(options => {
+ options.AddDefaultPolicy(policy => {
+ policy.WithOrigins(allowedOrigins.ToArray())
+ .AllowAnyHeader()
+ .AllowAnyMethod()
+ .AllowCredentials();
+ });
+});
 
 // Pages Service
 builder.Services.AddControllers();
diff --git a/src/Server/Services/AuthJWT.cs b/src/Server/Services/AuthJWT.cs
index 55e19a1..d689fe4 100644
--- a/src/Server/Services/AuthJWT.cs
+++ b/src/Server/Services/AuthJWT.cs
@@ -37,7 +37,7 @@ namespace Auth.Services {
 new Claim(ClaimTypes.Dns, RequestedSite),
 new Claim(ClaimTypes.IsPersistent, StayLoggedIn.ToString()),
 ]),
- Expires = DateTime.UtcNow.AddDays(7),
+ Expires = DateTime.UtcNow.AddMinutes(5),
 IssuedAt = DateTime.UtcNow,
 SigningCredentials = new SigningCredentials(RsaPrivateKey, SecurityAlgorithms.RsaSha256),
 Audience = TokenAudience,
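Review bot: The allowed origin `https://auth.mistox.com` is hard-coded on the `List allowedOrigins` line of `Program.cs`, so a staging host or a renamed domain needs a code change and redeploy; read it from configuration instead, e.g. `string[] allowedOrigins = builder.Configuration.GetSection("Cors:AllowedOrigins").Get<string[]>() ?? new[] { "https://auth.mistox.com" };` (section name is an example) and keep appending the development-only `http://localhost:5000` as now. As rendered, `List allowedOrigins = new List{ ... }` carries no type argument and would not compile, which is presumably `List<string>` lost in extraction, but worth confirming in the actual file. Pairing `.AllowCredentials()` with an explicit origin list is correct (ASP.NET Core refuses it together with `AllowAnyOrigin`), yet the old `// No CORS` comment is gone without a replacement, so a one-line comment above `AddCors` stating that credentials are deliberately allowed only for the listed origins would record the intent; `.AllowAnyHeader()` and `.AllowAnyMethod()` could also be narrowed to what the auth endpoints actually use.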
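Review bot: With `Expires` now five minutes after issue, the `ClaimTypes.IsPersistent` claim carrying `StayLoggedIn` two lines above no longer changes anything for the user unless a refresh or re-issue path exists elsewhere, and nothing in this diff adds one, so a comment here naming where the session is extended (or stating that it is not) is needed. `DateTime.UtcNow` is also read separately for `Expires` and `IssuedAt`, so the two stamps can differ by a tick; capture it once with `var now = DateTime.UtcNow;` before the descriptor and use `Expires = now.AddMinutes(5),` / `IssuedAt = now,`. The lifetime deserves a named `TimeSpan` constant rather than a literal 5, and note that the JwtBearer validation default `ClockSkew` is itself five minutes, so the token is honoured for up to ten minutes after issue unless `TokenValidationParameters.ClockSkew` is narrowed where the key is validated (not visible here). The enclosing method and its descriptor initializer start and end outside the hunk.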